Countermeasures for web application input attacks


An input attack is a malicious attack on an application in which the attacker supplies crafted input in an attempt to disrupt the application. Two of the most well-known input attacks are buffer overflow and script injection.

Countermeasures for these include:

  • Effective input field filtering. Input fields should be filtered to remove all characters that might form part of an input injection. Which characters are removed depends on the types of software used by the application.
  • Application firewall. Network firewalls inspect only the source and destination addresses and the port numbers, but not the contents of network packets. Application firewalls examine the contents of packets and block packets containing input attack code and other unwanted data.
  • Application vulnerability scanning. Organizations that develop their own applications for online use should scan those applications for input attack vulnerabilities, so that they are identified before outsiders discover and exploit them.

These countermeasures lower the risk of input injection by making the application more robust and/or protected from input attacks.
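As an added illustration of the input field filtering countermeasure (example code, not from the original post), the snippet below applies a per-field policy that removes characters outside what the field needs and bounds the field length; the field names, rules and sample values are constructed for this example.

```python
import re

# Per-field policy: maximum length (bounds the input, which is the buffer
# overflow concern) and a pattern matching characters the field does NOT need.
# Field names and rules are constructed for this example.
FIELD_RULES = {
    "username": (32, re.compile(r"[^A-Za-z0-9_.-]")),   # allowlist: keep only these
    "order_id": (10, re.compile(r"[^0-9]")),            # allowlist: digits only
    "comment":  (500, re.compile(r"[<>\"'`;\\]")),      # free text: drop HTML/SQL metacharacters
}


def filter_field(name, value):
    """Return (cleaned_value, removed_chars) for one input field.

    Characters matched by the field's pattern are removed and the result is
    truncated to the field's maximum length.
    """
    max_len, disallowed = FIELD_RULES[name]
    cleaned = disallowed.sub("", value)
    removed = sorted(set(value) - set(cleaned))
    return cleaned[:max_len], removed


def filter_request(params):
    """Filter every known field of a request; unknown fields are dropped.

    Returns (clean_params, report). The report maps a field name to the list
    of characters removed from it (empty when only truncation happened), so
    filtered input can be logged and alerted on rather than silently accepted.
    """
    clean, report = {}, {}
    for name, value in params.items():
        if name not in FIELD_RULES:
            report[name] = ["<unknown field>"]
            continue
        cleaned, removed = filter_field(name, value)
        clean[name] = cleaned
        if removed or len(value) > FIELD_RULES[name][0]:
            report[name] = removed
    return clean, report
```

Free-text fields such as the comment above still need output encoding for the context they are rendered in; character removal alone does not make them safe.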

Countermeasures for parameter tampering attacks.
